sub dump_ipt_policy() {
my $rv = 0;
+
my $fh = *STDOUT;
$fh = *STDERR if $debug;
+
+ if ($config{'ENABLE_IPV6_DETECTION'} eq 'Y') {
+ print $fh "\n[+] ip6tables policy dump:\n";
+ if (defined $cmds{'ip6tables'} and -x $cmds{'ip6tables'}) {
+ my @ipt_ver = @{&run_command($cmds{'ip6tables'}, '-V')};
+ if (@ipt_ver) {
+ print $fh $_ for @ipt_ver;
+ print "\n";
+ }
+ my @lines = @{&run_command($cmds{'ip6tables'}, '-v -n -L')};
+ for my $line (@lines) {
+ unless ($fw_include_ips) {
+ ### always include ::/0
+ $line =~ s|\s\:\:/0\s|___PsAd0Net___|g;
+ $line =~ s|\s([A-Fa-f0-9\:]{2,40}/\d{1,3})\s| ::/x |g;
+ $line =~ s|___PsAd0Net___| ::/0 |g;
+ }
+ print $fh $line;
+ }
+ } else {
+ print $fh "[*] Could not find ip6tables command.\n";
+ $rv = 1;
+ }
+ }
+
print $fh "\n[+] iptables policy dump:\n";
if (defined $cmds{'iptables'} and -x $cmds{'iptables'}) {
my @ipt_ver = @{&run_command($cmds{'iptables'}, '-V')};
print $fh "[*] Could not find iptables command.\n";
$rv = 1;
}
+
return $rv;
}
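Review bot: The address-masking substitutions in the `unless ($fw_include_ips)` block can leave an IPv6 address unredacted, because each pattern consumes the whitespace on both sides of its match: when source and destination are separated by a single space, or an address directly follows a `::/0` that was just turned into `___PsAd0Net___`, the second address has no leading `\s` left to match. Zero-width assertions avoid that and make the placeholder pass unnecessary, e.g. `$line =~ s{(?<=\s)(?!::/0\s)[A-Fa-f0-9:]{2,40}/\d{1,3}(?=\s)}{::/x}g;`. The pattern also requires a `/prefix`, so a host address printed without one would pass through; this is worth checking against the output of the ip6tables versions in use, since the dump is presumably meant to be shareable. Separately, `print "\n";` after the version lines writes to STDOUT rather than `$fh`, so it should be `print $fh "\n";` to follow the `$debug` redirection. The iptables branch of the function appears to be elided from this view.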
/usr/local/bin
/usr/local/sbin
);
+
CMD: for my $cmd (keys %cmds) {
next CMD if defined $exceptions_hr->{$cmd};
+
### both mail and sendmail are special cases, mail is not required
### if "nomail" is set in REPORT_METHOD, and sendmail is only
### required if DShield alerting is enabled and a DShield user
next CMD unless ($config{'ENABLE_DSHIELD_ALERTS'} eq 'Y'
and $config{'DSHIELD_ALERT_EMAIL'} ne 'NONE');
}
+
+ if ($cmd eq 'ip6tables') {
+ next CMD unless $config{'ENABLE_IPV6_DETECTION'} eq 'Y';
+ }
+
unless (-x $cmds{$cmd}) {
my $found = 0;
PATH: for my $dir (@path) {